CLAIM AMENDMENTS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (Currently Amended) A method comprising: 

storing at l e ast one key within a tamp e r d e t e ction boundary of a circuit cord 
coupled to a syst e m bus of a host processor; 

storing encrypted metadata for determining a configuration of a redundant array 
of independent disks (RAID) storage : 

receiving a request to write data to one or more locations in the RAID storage: 

encrypting, based upon [[the]] at least one key, one or more respective portions 
of write data to generate one or more respective portions of encrypted write data to be 
stored in the one or more locations of the RAID storage in a storag e coupled to th e 
syst e m bus, th e e ncrypt e d write data gen e rat e d by on input/output ("I/O") proc e ssor on 
th e circuit card ; 

generating, based upon the one or more respective portions of the encrypted write 
data, check data to be stored in the RAID storage; and 

selecting the one or more locations in the RAID storage for storing the one or 
more respective portions of the encrypted write data by translating the one or more 
locations specified in the request into one or more physical or logical locations in the 
RAID storage based at least upon the stored encrypted metadata so as to permit the one 
or more respective portions of the encrypted write data to be distributed among two or 
more storage devices comprised in the RAID storage. 

2. (Currently Amended) The method of claim 1, wherein[[:]] 

th e storage comprises a r e dundant array of ind e p e ndent disks (RAID); and 
the check data comprises one of parity data and a copy of the encrypted write 

data. 

3. (Currently Amended) The method of claim 1 , further comprising: 
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in response to an att e mpt to tamper with th e at l e ast on e key, e rasing th e at l e ast 
eee-kev wherein the configuration of the RAID storage comprises an address or a 
mapping table including a location in the RAID storage for the encrypted write data to 
be stored , 

4. (Currently Amended) The method of claim 1, further comprising[[:]] 
d e t e rmining, bas e d upon on e or mor e cr e d e ntials, wh e ther to p e rmit e x e cution of 

on e or mor e op e rations involving th e storag e decomposing the write data into the one or 
more portions before encrypting the one or more respective portions of the write data, 
the one or more portions to correspond to one or more stripes to be written into the 
RAID storage . 

5. (Currently Amended) A method comprising: 

storing encrypted metadata for determining a configuration of a redundant array 
of independent disks (RAID) storage: 

receiving a request to retrieve requested data from one or more locations in the 
RAID storage; 

translating the one or more locations specified in the request into one or more 
physical or logical locations in the RAID storage based at least upon the stored 
encrypted metadata; 

r e c e iving a r e ad request from a host proc e ssor; 

retrieving one or more respective portions of encrypted data from a plurality of 
storag e d e vic e s comprised the one or more translated locations in [[a]] the RAID storage 
coupled to th e host proc e ssor ; and 

decryptin g, based upon at least on e key stor e d within a tamp e r d e t e ction 
boundary of an encryption device coupl e d to th e host proc e ssor, the one or more 
respective portions of the encrypted read data retrieved from the storage based upon at 
least one key to generate one or more respective portions of read dat a, th e r e ad data 
g e n e rat e d by an input/output ("I/O") proc e ssor located within th e tamp e r d e t e ction 
boundary of th e encryption device . 
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6. (Currently Amended) The method of claim 5 , further comprising: 

prior to th e decrypting of th e on e or more respective portions of the encrypt e d 
data, determining, based upon on e or more credentials, whether th e r e qu e st is authoriz e d 
wherein the configuration of the RAID storage comprises an address or a mapping table 
including a location in the RAID storage where the encrypted read data is stored . 

7. (Previously Presented) The method of claim 6, further comprising: 
generating the at least one key based upon at least one of one or more tokens and 

one or more passwords. 

8. (Currently Amended) The method of claim 5[[,]] wherein[[:]] 

th e storag e also stor e s m e tadata; and th e method further compris e s comprising 
encrypting [[the]] metadata to generate the encrypted metadata based upon the at least 
one key. 

9. (Currently Amended) The method of claim 8, wherein[[:]]the metadata 
comprises partition information. 

10. (Currently Amended) An apparatus comprising: 

circuitry to receive a request to write data to one or more locations in the RAID 
storage ; 

the circuitry also being capable of: 

storing encrypted metadata for determining a configuration of a redundant 
array of independent disks (RAID) storage; 

encryp ting, based upon at least one key stor e d within a tamp e r d e t e ction 
boundary , one or more respective portions of write data to generate one or more 
respective portions of encrypted write data to be stored in one or more locations 
in the RAID storage; 
th e circuitry also being capabl e of: 
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generating, based upon the one or more respective portions of the 
encrypted write data, check data to be stored in the storage; and 

selecting the one or more locations in the RAID storage for storing the 
one or more respective portions of the encrypted write data by translating the one or 
more locations specified in the request into one or more physical or logical locations in 
the RAID storage based at least upon the stored encrypted metadata so as to permit the 
one or more respective portions of the encrypted write data to be distributed among two 
or more storage devices comprised in the RAID storage. 

11. (Currently Amended) The apparatus of claim 10, wherein[[:]] 

the storage comprises a r e dundant array of ind e p e nd e nt disks (RAID); and 
the check data comprises one of parity data and a copy of the encrypted write 

data. 

12. (Previously Presented) The apparatus of claim 10, wherein: 

the circuitry is also capable of storing the at least one key in memory; and 
in response to an attempt to tamper with the at least one key, erasing the at least 
one key from the memory. 

13. (Currently Amended) The apparatus of claim 10, wherein: 

the circuitry is also capable of determining, based upon one or more credentials, 
whether to permit execution of one or more operations involving the RAID storage. 

14. (Currently Amended) The apparatus of claim 10, further comprising: 
circuitry to receive a read request, retrieve one or more respective portions of the 

encrypted data from the plurality of storage devices comprised in the RAID storage and 
decrypting, based upon the at least one key, one or more respective portions of the 
encrypted read data retrieved from the RAID storage to generate one or more respective 
portions of read data. 



Attorney Docket No.: 42P17160 
Application No.: 10/686,410 



5 



Examiner: REZA, Mohammad W. 

Art Unit: 2136 



15. (Previously Presented) The apparatus of claim 14, wherein the circuitry is 
also capable of: 

prior to the decrypting of the one or more respective portions of the encrypted 
data, determining, based upon one or more credentials, whether the request is authorized. 

16. (Previously Presented) The apparatus of claim 15, wherein: 

the circuitry is also capable of generating the at least one key based upon at least 
one of one or more tokens and one or more passwords. 

17. (Currently Amended) The apparatus of claim 14, wherein[[:]] 

th e storage also stor e s m e tadata; and the circuitry is also capable of encrypting 
[[the]] metadata to generate the encrypted metadata based upon the at least one key. 

18. (Original) The apparatus of claim 17, wherein: 
the metadata comprises partition information. 

1 9. (Currently Amended) An articl e comprising a A tangible machine-readable 
storage medium having stored therein instructions that when executed by a machine 
result in the following: 

storing at l e ast one key within a tamper d e t e ction boundary of a circuit card 
coupl e d to a system bus of a host processor; 

storing encrypted metadata for determining a configuration of a redundant array 
of independent disks (RAID) storage : 

receiving a request to write data to one or more locations in the RAID storage: 

encrypting, based upon [[the]] at least one key, one or more respective portions 
of the write data to generate one or more respective portions of encrypted write data to 
be stored in the one or more locations of the RAID storage in a storag e coupled to the 
syst e m bus, the encrypted writ e data g e nerat e d by an input/output ("I/O") processor on 
th e circuit card ; 

generating, based upon the one or more respective portions of the encrypted write 
data, check data to be stored in the RAID storage; and selecting the one or more 
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locations in the RAID storage for storing the one or more respective portions of the 
encrypted write data by translating the one or more locations specified in the request into 
one or more physical or logical locations in the RAID storage based at least upon the 
stored encrypted metadata so as to permit the one or more respective portions of the 
encrypted write data to be distributed among two or more storage devices comprised in 
the RAID storage. 

20. (Currently Amended) The articl e tangible machine-readable storage medium 
of claim 19, wherein: 

th e storage compris e s a r e dundant array of ind e p e ndent disks (RAID); and 
the check data comprises one of parity data and a copy of the encrypted write 

data. 

2 1 . (Currently Amended) The articl e tangible machine-readable storage medium 
of claim 19, wherein the instructions when executed by the machine also result in: 

storing the at least one key in memory; and 

in response to an attempt to tamper with the at least one key, erasing the at least 
one key. 

22. (Currently Amended) The articl e tangible machine-readable storage medium 
of claim 19, wherein the instructions when executed by the machine also result in: 

determining, based upon one or more credentials, whether to permit execution of 
one or more operations involving the RAID storage. 

23. (Currently Amended) An article comprising a A tangible machine-readable 
storage medium having stored therein instructions that when executed by a machine 
result in the following: 

storing encrypted metadata for determining a configuration of a redundant array 
of independent disks (RAID) storage : 

receiving a request to retrieve requested data from one or more locations in the 
RAID storage; 
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translating the one or more locations specified in the request into one or more 
physical or logical locations in the RAID storage based at least upon the stored 
encrypted metadata; 

r e c e iving a read roquoot from a host proc e ssor; 

retrieving one or more respective portions of encrypted data from a plurality of 
storag e d e vic e s comprised the one or more translated locations in [[a]] the RAID storage 
coupled to th e host processor ; and 

decryptin g, based upon at least on e k e y stor e d within a tamper d e t e ction 
boundary of an e ncryption device coupled to th e host proc e ssor, the one or more 
respective portions of the encrypted read data retrieved from the storage based upon at 
least one key to generate one or more respective portions of read dat a, th e r e ad data 
gen e rat e d by an input/output ("I/O") processor locat e d within the tamper detection 
boundary of th e e ncryption device 

24. (Currently Amended) The articl e tangible machine-readable storage medium 
of claim 23, wherein the instructions when executed by the machine also result in: 

prior to the decrypting of the one or more respective portions of the encrypted 
data, determining, based upon one or more credentials, whether the request is authorized. 

25. (Currently Amended) The article tangible machine-readable storage medium 
of claim 24, wherein the instructions when executed by the machine also result in: 
generating the at least one key based upon at least one of one or more tokens and one or 
more passwords. 

26. (Currently Amended) The articl e tangible machine-readable storage medium 
of claim 23, wherein[[:]] th e storage also stores m e tadata; and the instructions when 
executed by the machine also result in encrypting [[the]] metadata to generate the 
encrypted metadata based upon the at least one key. 

27. (Currently Amended) The article tangible machine-readable storage medium 
of claim 26, wherein: 
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the metadata comprises partition information. 

28. (Currently Amended) A system comprising: 

a circuit board comprising a circuit card slot and a circuit card that is capable of 
being inserted into the circuit card slot, the circuit card comprising circuitry, the circuitry 
being capable of encrypting, based upon at least one key, one or more respective 
portions of write data to generate one or more respective portions of encrypted write data 
to be stored in one or more locations in a redundant array of independent disks (RAID) 
storage, 

wherein the circuitry also is capable of: 

storing encrypted metadata for determining a configuration of the 
RAH) storage : 

receiving a request to write data to one or more locations in the 
RAID storage : 

generating, based upon the one or more respective portions of the 
encrypted write data, check data to be stored in the RAID storage; and 

selecting the one or more locations by translating the one or more 
locations specified in the request into one or more physical or logical 
locations in the RAID storage based at least upon the stored encrypted 
metadata so as to permit the one or more respective portions of the 
encrypted write data to be distributed among two or more storage devices 
comprised in the RAID storage[[,]] wher e in th e circuit comprises: an 
input/output (I/O) proc e ssor, and non volatil e m e mory that is capabl e of 
storing th e at l e ast on e k e y, wh e r e in th e circuitry is capabl e of det e cting 
an attempt to tamper with th e at l e ast on e k e y, and in r e spons e to the 
attempt, erasing the at l e ast on e k e y from th e m e mory . 

29. (Cancelled) 
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30. (Previously Presented) The system of claim 28, wherein the circuit board 
also comprises: 

a host processor coupled to the circuit card slot via a bus; 

one or more token memories to store one or more tokens; and 

additional circuitry to read one or more additional tokens stored in a removable 
token memory after the removable token memory is inserted into a token reader. 



31.-33. (Cancelled) 
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